How to fix the "No Route to Host" error in Docker when using UFW on Ubuntu

By Zennith DevOps Team Published 2026-02-15
DockerUbuntuHome LabNetworking

Docker containers losing network connectivity after a Host OS update? Here is how to fix the specific conflict between Docker and UFW.

The Conflict Between Docker and UFW

If you run your own servers or home lab, you might have run into this specific configuration hell: your Docker containers suddenly lose network connectivity and you get a No Route to Host error. This often happens after a Host OS update when using UFW (Uncomplicated Firewall) on Ubuntu.

The root cause is that Docker bypasses UFW by directly manipulating iptables for its networking. When UFW is reloaded or the OS updates its network settings, UFW's rules can clobber Docker's routing tables.

# The Solution: Fixing the Routing Table

To fix this, you need to explicitly allow traffic from Docker's virtual network interface in UFW.

1. First, find your Docker network subnet. Usually it's 172.17.0.0/16, but you can verify it by running: docker network inspect bridge 2. Next, tell UFW to allow routing for this subnet: sudo ufw route allow from 172.17.0.0/16 3. Restart UFW to apply the changes: sudo ufw reload

This tells UFW that traffic originating from the Docker bridge should be permitted to route out.

For a deeper dive intoiptables and Docker, check out this excellent video explanation on YouTube.